Mirai Botnet Targets Flaw in Discontinued D-Link Routers
The exploitation of the command injection vulnerability started one year after public disclosure and PoC exploit code publication. The post Mirai Botnet Targets Flaw in Discontinued D-Link Routers appeared first on SecurityWeek.
A Mirai botnet is targeting discontinued D-Link routers impacted by a command injection vulnerability disclosed a year ago, Akamai reports.
Tracked as CVE-2025-29635, the security defect exists because an attacker-controllable function value is copied without validation, and can be exploited through crafted POST requests.
“The router extracts the value that ends up in the command buffer from the request body without checking which form field it came from,” Akamai notes.
Source: https://www.securityweek.com/mirai-botnet-targets-flaw-in-discontinued-d-link-routers/
Related breach coverage
- Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers2026-04-22
Mirai botnet is targeting old D-Link routers using CVE-2025-29635, a command injection flaw exploitable via crafted POST requests after public PoC disclosure. A Mirai botnet is actively exploiting a command injection vulnerability, tracked as CVE-2025-29635, in discontinued D-Link routers, Akamai reports. The flaw allows attackers to inject commands because an attacker-controlled value is copied without […]
- Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers2026-04-20
In-the-wild exploitation has been ongoing for a year, but no successful payload execution has been observed. The post Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers appeared first on SecurityWeek.
- Critical Marimo Flaw Exploited Hours After Public Disclosure2026-04-10
Within nine hours, a hacker built an exploit from the unauthenticated bug’s advisory and started using it in the wild. The post Critical Marimo Flaw Exploited Hours After Public Disclosure appeared first on SecurityWeek.
- Exploitation of Critical Fortinet FortiClient EMS Flaw Begins2026-03-31
The SQL injection vulnerability allows unauthenticated attackers to execute arbitrary code remotely, via crafted HTTP requests. The post Exploitation of Critical Fortinet FortiClient EMS Flaw Begins appeared first on SecurityWeek.